Hey fellow slackers, I just wanted to share with you this SQLi Challenge sponsored by Modsecurity. The challenge consists of two levels, the first one is a speed test which is pretty straight forward - Be one of the first 4 to extract the required data and you're a winner. The second challenge is where it gets juicy, here you'll have to extract the same data, but without triggering an Inbound alert. Second level offers a prize to any winner. Good luck!

I'm interested on how you might bypass the inbound alerts. The site I looked at was using an JetSQL (Access) database, which makes things difficult since there is not an inline commenting structure for it. I tried that and parameter pollution for my first attempts.